Designated Businesses and AML/CFT compliance
20 May, 2021
The Designated Businesses (Registration and Oversight) Act 2015 (the “Act”) places responsibility on the Isle of Man Financial Services Authority (“FSA”) for monitoring businesses in the regulated sector – outside of Financial Services - in relation to their compliance with Anti-Money Laundering/Combatting the Financing of Terrorism (“AML/CFT”) legislation.
The Act provides the FSA with a range of oversight and enforcement powers, which, where applied can be intrusive and costly to a business.
Here we explore the scope of the Act, highlight the key aspects of The Anti-Money Laundering and Countering the Financing of Terrorism Code 2019 (the “Code”) and signpost sector specific guidance.
Scope of the Act
Schedule 1 of the Act describes those Designated Non-Financial Businesses and Professions (“DNFBPs”) to which the Act applies; this includes lawyers and advocates carrying on business in respect of financial or real property transactions, tax advisors, estate agents, external accountants and virtual currency businesses.
DNFBPs are not licensed by the FSA and remain accountable to their respective professional bodies in respect of their wider business competence and other matters, but are required to register with, and are overseen by the FSA for AML/CFT compliance.
As customers that’s what we expect, and in some industries lack of reliability isn’t just a commercial problem: severe lack of water or energy can impact life safety; severe compromise of financial services can impact economic safety.
Inspections and investigations
The Act grants the FSA powers to conduct onsite inspections at DNFBPs’ premises and conduct investigations so as to satisfy themselves that the DNFBP is compliant with Act, and their procedures are compliant with AML/CFT legislation.
The FSA may exercise its power to take possession of any documentation it feels is relevant to its investigation, or to request information – such as information relating to the affairs of a client or the structural make up of the DNFBP itself. There can be severe consequences for any person found guilty of an offence under the Act, relating to inspections and investigations and the provision of information.
Action and enforcement
Where, for example, AML/CFT failings have been found, the FSA will issue a report to the DNFBP which will detail remedial action to be undertaken, and a time frame in which to rectify the failing. This can be escalated by way of a formal direction from the FSA who may issue a public statement about the direction, or other contraventions of the Act. Depending on the nature of the AML/CFT failing and the remedial action to be undertaken, the costs at this point are likely to be financial and reputational in nature.
The FSA also has the option to seek injunction and remedial orders from the Courts. Such action is likely to be pursued where the FSA is satisfied that contraventions of the Act or AML/CFT legislation will re-occur or continue. This type of action may arise in cases concerning prohibitions on carrying on designated business if not registered, supply of information to the FSA or a direction made under the Act.
Civil penalties may also be applied by the FSA for contraventions of the Act, from failing to submit an annual return to non compliance with an a direction issued under the Act. Details of civil penalties are set out in the schedule to the Designated Business (Civil Penalties) Order 2015. Contraventions of AML/CFT legislation may be disposed of through criminal proceedings or by way of further civil penalties provided for under the Anti-Money Laundering and Revocation of registration may occur where; for example but not limited to, the FSA is satisfied that the DNFBP has failed to comply with AML/CFT legislation, or has provided false or misleading or inaccurate information under the Act.
AML/CFT Code 2019
Vital to avoiding any of the foregoing is ensuring your business’ AML/CFT Framework, processes and procedures are fully aligned with the AML/CFT Code 2019.
Guidance
The AML/CFT Handbook and associated guidance notes are the primary sources of persuasive guidance, however, in 2020, sector specific AML/CFT guidance has been produced for accountants, high value goods dealers, money lenders and virtual currency businesses with guidance for other DNFBPs on the way.
What we see in practice
The regulatory environment is constantly evolving as new threats emerge and, here at PwC, we appreciate that it can be difficult for businesses to maintain pace.
Some of the main areas where we still perceive challenges for DNFBPs, in their pursuit for compliance, are set out in the table below.
| Code Requirements | |
| Business Risk Assessment | A thorough examination of the risk of Money Laundering/Terrorist Financing (“ML/TF”) exposure to the business through its practices, offerings and its customers and making a judgment on matters such as threat, vulnerability and consequences. |
| Customer Risk Assessment | An assessment of the ML/TF risks from the customer, the channels through which the business engages with the customer, transactions and geographical locations to which the customer is connected. |
| Technology Risk Assessment | An assessment of the risks posed by new and existing technologies utilised across the business. The assessment extends to technologies other than payment mechanisms and delivery channels. |
| Introduced Business | When a customer is introduced by a third party, and where that third party has provided client due diligence or other verification documents the business must conduct a risk assessment of the introducer. |
| Customer Due Dilligence and ongoing monitoring | Businesses must ensure that they have procedures and controls in place to verify the identity of the their customers, take reasonable measures to establish source of funds and obtain information on the purpose of the business relationship. Those carrying on Generic Designated Business do not need to, subject to certain conditions under the Code, verify customers identity in respect of new business or occasional transactions. |
| Reporting and Registers | You must appoint a money laundering reporting officer and main records of ML/TF disclosures made internally, externally and enquiries received from the authorities. |
| Testing and record keeping | To ensure your controls are robust you must carrying out regular testing. You must have controls in place to satisfy yourself as to integrity of new staff and provide Compliance training for everyone in your organisation and maintain up to date records in respect of all. |
In conclusion
DNFBPs have been so designated because of the perceived susceptibility to ML/TF owing to the nature of their business and the activities that they may conduct. For DNFBPs Code compliance is mandatory, not optional.
We have a wealth of experience advising businesses, in the DNFBP sector, in AML/CFT compliance and offer a range of services to help you at all stages of your compliance journey.
To discuss the challenges raised in this blog, please get in touch. For information about how we can help your business, please visit our Risk & Regulatory services page.